The WINDOWS volume snapshot service was first included in MICROSOFT's WINDOWS XP operating system. In WINDOWS XP, the volume snapshot service creates non-persistent (i.e., temporary) snapshots that MICROSOFT refers to as volume shadow copies. Volume shadow copies may facilitate creating backups by providing a point-in-time representation of a volume. Volume shadow copies may also alleviate problems associated with file locking.
In WINDOWS 2003 SERVER, MICROSOFT introduced a feature referred to as Shadow Copies for Shared Folders. Shadow Copies for Shared Folders may create periodic point-in-time copies (i.e., snapshots or shadow copies) of files on a shared network resource. WINDOWS VISTA includes a similar feature called Previous Versions. Previous Versions may create periodic snapshots that store copies of files on local volumes.
The shadow copies created by WINDOWS 2003 SERVER and WINDOWS VISTA may be particularly vulnerable to malicious access because they are persistent, rather than temporary, snapshots. Furthermore, the Shadow Copies for Shared Folders service in WINDOWS 2003 SERVER and the Previous Versions service in WINDOWS VISTA may be enabled by default. Thus, many computers running WINDOWS VISTA may store persistent shadow copies of the computers' volumes that may be directly accessible by any code running on the computers. Similarly, many networks with servers running WINDOWS 2003 SERVER may store persistent shadow copies of network resources that may be accessible to many network devices.
Traditional data protection systems may protect original data but may not protect the persistent shadow copies of the original data. Attackers who are unable to access the original data, may target the shadow copies. Thus, users may have a false sense of security because sensitive information in the original data may be protected, but the same sensitive information may be exposed and easily accessible through a snapshot.